From c6c199161baf9ea9e0d7be38b05afbf376de5fca Mon Sep 17 00:00:00 2001 From: Daniel Schosser Date: Mon, 11 May 2020 10:54:35 +0200 Subject: [PATCH] fix: Remove CSP header from nginx --- config/docker/nginx.conf | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/config/docker/nginx.conf b/config/docker/nginx.conf index 8db49546..9c529346 100644 --- a/config/docker/nginx.conf +++ b/config/docker/nginx.conf @@ -25,8 +25,7 @@ http { add_header 'X-Frame-Options' 'deny always'; add_header 'X-XSS-Protection' '"1; mode=block" always'; add_header 'X-Content-Type-Options' 'nosniff always'; - add_header 'Content-Security-Policy' '"default-src \'none\'" always'; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin always'; + add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; # Set access control header add_header 'Access-Control-Allow-Origin' '*'; @@ -48,8 +47,7 @@ http { add_header 'X-Frame-Options' 'deny always'; add_header 'X-XSS-Protection' '"1; mode=block" always'; add_header 'X-Content-Type-Options' 'nosniff always'; - add_header 'Content-Security-Policy' '"default-src \'none\'" always'; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin always'; + add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; # Set access control header add_header 'Access-Control-Allow-Origin' '*'; @@ -61,8 +59,7 @@ http { add_header 'X-Frame-Options' 'deny always'; add_header 'X-XSS-Protection' '"1; mode=block" always'; add_header 'X-Content-Type-Options' 'nosniff always'; - add_header 'Content-Security-Policy' '"default-src \'none\'" always'; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin always'; + add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; # Set access control header add_header 'Access-Control-Allow-Origin' '*';